[***]            Summary:            [***]

11 new OPEN, 49 new PRO (11 + 38).  DTLoader, Cobalt Strike, Win32/Ymacco.AAFF, Various Phishing, Suri5 Updates.

Thanks: @James_inthe_box

Please share issues, feedback, and requests at https://feedback.emergingthreats.net/feedback

[+++]          Added rules:          [+++]

Open:

  2031119 - ET TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
(trojan.rules)
  2031120 - ET INFO Improperly Spaced Accept Header in User-Agent
(info.rules)
  2031121 - ET EXPLOIT InoERP 0.7.2 Unauthenticated Remote Code Execution
(Outbound) (exploit.rules)
  2031122 - ET EXPLOIT InoERP 0.7.2 Unauthenticated Remote Code Execution
(Inbound) (exploit.rules)
  2031123 - ET INFO Suspicious PHP Code in HTTP POST (Outbound) (info.rules)
  2031124 - ET INFO Suspicious PHP Code in HTTP POST (Inbound) (info.rules)
  2031125 - ET INFO Suspicious PHP Code in HTTP POST (Outbound) (info.rules)
  2031126 - ET INFO Suspicious PHP Code in HTTP POST (Inbound) (info.rules)
  2031127 - ET TROJAN DTLoader Binary Request (trojan.rules)
  2031128 - ET TROJAN DTLoader Encoded Binary - Server Response
(trojan.rules)
  2031129 - ET TROJAN DTLoader Domain (ahgwqrq .xyz in TLS SNI)
(trojan.rules)

Pro:

  2845167 - ETPRO POLICY External IP Address Lookup Domain SSL Cert
(geodatatool .com) (policy.rules)
  2845168 - ETPRO TROJAN Cobalt Strike Malleable C2 (JQuery Profile) M3
(trojan.rules)
  2845169 - ETPRO TROJAN Observed Malicious SSL Cert (Power Spy Keylogger)
(trojan.rules)
  2845170 - ETPRO TROJAN Observed Malicious SSL Cert (Power Spy Keylogger)
(trojan.rules)
  2845171 - ETPRO CURRENT_EVENTS Successful Venmo Phish 2020-10-27
(current_events.rules)
  2845172 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-10-27 (current_events.rules)
  2845173 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-10-27
(current_events.rules)
  2845174 - ETPRO CURRENT_EVENTS Successful Natwest Phish 2020-10-27
(current_events.rules)
  2845175 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-10-27 (current_events.rules)
  2845176 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-10-27 (current_events.rules)
  2845177 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-10-27
(current_events.rules)
  2845178 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-10-27
(current_events.rules)
  2845179 - ETPRO CURRENT_EVENTS Successful TD Bank Phish 2020-10-27
(current_events.rules)
  2845180 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2845181 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2845182 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-10-27 (current_events.rules)
  2845183 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-10-27
(current_events.rules)
  2845184 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-10-27
(current_events.rules)
  2845185 - ETPRO CURRENT_EVENTS Successful Tangerine Phish 2020-10-27
(current_events.rules)
  2845186 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-27 1) (trojan.rules)
  2845187 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-27 2) (trojan.rules)
  2845188 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-27 3) (trojan.rules)
  2845189 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-27 4) (trojan.rules)
  2845190 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-27 5) (trojan.rules)
  2845191 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-27 6) (trojan.rules)
  2845192 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2020-10-27 7) (trojan.rules)
  2845193 - ETPRO TROJAN TeamViewer Dropper Checkin (trojan.rules)
  2845194 - ETPRO TROJAN Win32/Remcos RAT Checkin 579 (trojan.rules)
  2845195 - ETPRO TROJAN Win32/Remcos RAT Checkin 580 (trojan.rules)
  2845196 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI
(trojan.rules)
  2845197 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (3980a)
(web_client.rules)
  2845198 - ETPRO INFO Unusually Long freeddns DynDNS Domain (info.rules)
  2845199 - ETPRO INFO Unusually Long mywire DynDNS Domain (info.rules)
  2845200 - ETPRO MALWARE Win32/Ymacco.AAFF Activity (client IP check)
(malware.rules)
  2845201 - ETPRO MALWARE Win32/Ymacco.AAFF Activity (server IP retrieval)
(malware.rules)
  2845202 - ETPRO MALWARE Win32/Ymacco.AAFF Activity (configuration
retrieval) (malware.rules)
  2845203 - ETPRO MALWARE Win32/Ymacco.AAFF Activity (version check)
(malware.rules)
  2844060 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(Recursive_Wallets/) M2 (info.rules)

[///]     Modified active rules:     [///]

  2009363 - ET WEB_SERVER Suspicious Chmod Usage in URI (Inbound)
(web_server.rules)
  2018403 - ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe
(trojan.rules)
  2027941 - ET POLICY DNS Query to a Reverse Proxy Service Observed
(policy.rules)
  2028991 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
  2029101 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
  2029176 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
  2029189 - ET TROJAN OilRig APT PowDesk Powershell Check (trojan.rules)
  2029206 - ET EXPLOIT Possible Citrix Application Delivery Controller
Arbitrary Code Execution Attempt (CVE-2019-19781) (exploit.rules)
  2029207 - ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection
Inbound (CVE-2019-7256) (exploit.rules)
  2029208 - ET SCAN Dark Nexus IoT Variant User-Agent (Inbound) (scan.rules)
  2029209 - ET TROJAN Dark Nexus IoT Variant User-Agent (Outbound)
(trojan.rules)
  2029213 - ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection
Outbound (CVE-2019-7256) (exploit.rules)
  2029215 - ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command
Execution Outbound (exploit.rules)
  2029216 - ET INFO Suspicious Chmod Usage in URI (Outbound) (info.rules)
  2029220 - ET TROJAN Observed Buran Ransomware UA (trojan.rules)
  2029223 - ET TROJAN Legion Loader Activity Observed (carlos_castaneda)
(trojan.rules)
  2029224 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2029226 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
  2029227 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2029229 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
  2029230 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query
(trojan.rules)
  2029238 - ET TROJAN Legion Loader Activity Observed (trojan.rules)
  2029239 - ET TROJAN DonotGroup Staging Domain Observed in DNS Query
(trojan.rules)
  2029253 - ET TROJAN [401TRG] PS/PowDesk Checkin (APT34) (trojan.rules)
  2029254 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query
(trojan.rules)
  2029257 - ET INFO Observed Lets Encrypt Certificate for Suspicious TLD
(.top) (info.rules)
  2029258 - ET POLICY GG Url Shortener Observed in DNS Query (policy.rules)
  2029268 - ET WEB_CLIENT Observed DNS Query to Malicious Cookie Monster
Roulette JS Cookie Stealer Exfil Domain (web_client.rules)
  2029279 - ET TROJAN Win32/Emotet CnC Activity (POST) M7 (trojan.rules)
  2029281 - ET TROJAN SMS-Bomber Activity (trojan.rules)
  2029289 - ET TROJAN Group 21 CnC Domain Observed in DNS Query
(trojan.rules)
  2029297 - ET TROJAN MageCart CnC Domain Observed in DNS Query
(trojan.rules)
  2029302 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
  2029303 - ET TROJAN Magecart CnC Domain Observed in DNS Query
(trojan.rules)
  2029305 - ET TROJAN Malicious SSL Cert (Magecart) (trojan.rules)
  2029307 - ET TROJAN Observed Malicious SSL Cert (ELF/Rekoobe CnC)
(trojan.rules)
  2029308 - ET POLICY Website Hosting Service Observed in DNS Query
(policy.rules)
  2029309 - ET TROJAN ELF/Rekoobe CnC Observed in DNS Query (trojan.rules)
  2029310 - ET TROJAN Gamaredon CnC Observed in DNS Query (trojan.rules)
  2029311 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2029312 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2029313 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2029314 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2029315 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2029316 - ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2029322 - ET POLICY Telegram API Certificate Observed (policy.rules)
  2029323 - ET TROJAN Possible Generic RAT over Telegram API (trojan.rules)
  2029325 - ET TROJAN Observed Unk.PowerShell Loader CnC Domain in TLS SNI
(trojan.rules)
  2029327 - ET TROJAN Diezen/Sakabota CnC Domain Observed in DNS Query
(trojan.rules)
  2029656 - ET CURRENT_EVENTS Terse POST to Wordpress Folder - Probable
Successful Phishing M2 (current_events.rules)
  2029684 - ET CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-27 (current_events.rules)
  2031074 - ET TROJAN Win32/Ficker Stealer Activity (trojan.rules)
  2823399 - ETPRO CURRENT_EVENTS Terse POST to Wordpress Folder - Probable
Successful Phishing M4 (current_events.rules)
  2837353 - ETPRO TROJAN Sharik/Smokeloader CnC Beacon 15 (trojan.rules)
  2838234 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-08-29 (current_events.rules)
  2839331 - ETPRO INFO Suspicious User-Agent containing Loader Observed
(info.rules)
  2839927 - ETPRO TROJAN Banload Variant Checkin (trojan.rules)
  2840149 - ETPRO TROJAN Win32/Namoo CnC Activity (trojan.rules)
  2840150 - ETPRO TROJAN Possible Win32/Namoo CnC Activity Response
(trojan.rules)
  2840151 - ETPRO TROJAN Win32/Unk.Spambot (trojan.rules)
  2840152 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2019-12-30
(current_events.rules)
  2840153 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2019-12-30
(current_events.rules)
  2840154 - ETPRO CURRENT_EVENTS Successful American Express Phish
2019-12-30 (current_events.rules)
  2840155 - ETPRO CURRENT_EVENTS Successful American Express Phish
2019-12-30 (current_events.rules)
  2840156 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2019-12-30 (current_events.rules)
  2840157 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
2019-12-30 (current_events.rules)
  2840158 - ETPRO CURRENT_EVENTS Successful Fidelity Phish 2019-12-30
(current_events.rules)
  2840159 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-12-30
(current_events.rules)
  2840160 - ETPRO TROJAN Shasaizi CnC Host Checkin (trojan.rules)
  2840161 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-30 (current_events.rules)
  2840170 - ETPRO CURRENT_EVENTS Successful Microsoft Excel Phish
2019-12-31 (current_events.rules)
  2840171 - ETPRO CURRENT_EVENTS Successful Banorte Bank Phish 2019-12-31
(current_events.rules)
  2840172 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-31
(current_events.rules)
  2840173 - ETPRO CURRENT_EVENTS Successful Chase Phish 2019-12-31
(current_events.rules)
  2840174 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2019-12-31
(current_events.rules)
  2840175 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-31 (current_events.rules)
  2840176 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2019-12-31
(current_events.rules)
  2840177 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-31 (current_events.rules)
  2840178 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-31 (current_events.rules)
  2840179 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2019-12-31 (current_events.rules)
  2840180 - ETPRO CURRENT_EVENTS Successful BMO Phish 2019-12-31
(current_events.rules)
  2840181 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2019-12-31 (current_events.rules)
  2840182 - ETPRO CURRENT_EVENTS Successful ING Phish 2019-12-31
(current_events.rules)
  2840183 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-12-31
(current_events.rules)
  2840184 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2019-12-31 (current_events.rules)
  2840185 - ETPRO CURRENT_EVENTS Successful Facebook FR Phish 2019-12-31
(current_events.rules)
  2840186 - ETPRO CURRENT_EVENTS Successful Netease 163 Phish 2019-12-31
(current_events.rules)
  2840187 - ETPRO CURRENT_EVENTS Successful Hinet Phish 2019-12-31
(current_events.rules)
  2840188 - ETPRO CURRENT_EVENTS Successful Sprint Identityguard Phish
2019-12-31 (current_events.rules)
  2840195 - ETPRO TROJAN Attackbot CnC Activity (trojan.rules)
  2840196 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-02 (current_events.rules)
  2840197 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-02 (current_events.rules)
  2840198 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-02 (current_events.rules)
  2840200 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-01-02
(current_events.rules)
  2840201 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2020-01-02
(current_events.rules)
  2840202 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-01-02
(current_events.rules)
  2840203 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-02
(current_events.rules)
  2840204 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-02
(current_events.rules)
  2840205 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish 2020-01-02
(current_events.rules)
  2840206 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish 2020-01-02
(current_events.rules)
  2840207 - ETPRO CURRENT_EVENTS Successful VBV Phish 2020-01-02
(current_events.rules)
  2840208 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-02
(current_events.rules)
  2840209 - ETPRO CURRENT_EVENTS Successful Garanti Bank Phish 2020-01-02
(current_events.rules)
  2840210 - ETPRO CURRENT_EVENTS Successful Gmail Phish 2020-01-02
(current_events.rules)
  2840211 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-02 (current_events.rules)
  2840213 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-01-02
(current_events.rules)
  2840214 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-01-02
(current_events.rules)
  2840215 - ETPRO CURRENT_EVENTS Successful Telstra Phish 2020-01-02
(current_events.rules)
  2840216 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish
2020-01-02 (current_events.rules)
  2840217 - ETPRO TROJAN Win32/Zpevdo.A CnC Host Checkin (trojan.rules)
  2840218 - ETPRO TROJAN Win32/Likseput.B CnC Activity (trojan.rules)
  2840232 - ETPRO MOBILE_MALWARE Trojan-Ransom.AndroidOS.Egat.d App List
Exfil (mobile_malware.rules)
  2840242 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-03
(current_events.rules)
  2840243 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-03
(current_events.rules)
  2840244 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-03
(current_events.rules)
  2840245 - ETPRO CURRENT_EVENTS Successful Blockchain Phish 2020-01-03
(current_events.rules)
  2840246 - ETPRO CURRENT_EVENTS Successful Vakifbank Phish 2020-01-03
(current_events.rules)
  2840247 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish 2020-01-03
(current_events.rules)
  2840248 - ETPRO CURRENT_EVENTS Successful Generic Multibank Phish
2020-01-03 (current_events.rules)
  2840249 - ETPRO CURRENT_EVENTS Successful Associated Bank Phish
2020-01-03 (current_events.rules)
  2840251 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-01-03 (current_events.rules)
  2840252 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2020-01-03
(current_events.rules)
  2840253 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-03
(current_events.rules)
  2840254 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-01-03
(current_events.rules)
  2840255 - ETPRO TROJAN Nanobot.px CnC Log Reporting (trojan.rules)
  2840256 - ETPRO TROJAN MSIL/GenKryptik.DZXQ CnC Activity (trojan.rules)
  2840260 - ETPRO CURRENT_EVENTS Successful Minha BV Bank Phish 2020-01-06
(current_events.rules)
  2840264 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-06
(current_events.rules)
  2840266 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-01-06 (current_events.rules)
  2840267 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-01-06
(current_events.rules)
  2840268 - ETPRO CURRENT_EVENTS Successful USAA Phish 2020-01-06
(current_events.rules)
  2840269 - ETPRO CURRENT_EVENTS Successful Microsoft Outlook Phish
2020-01-06 (current_events.rules)
  2840270 - ETPRO TROJAN Win32/KPOT Stealer Initial CnC Activity M3
(trojan.rules)
  2840272 - ETPRO TROJAN Win32/Zpevdo.A CnC Host Checkin (trojan.rules)
  2840273 - ETPRO CURRENT_EVENTS Successful Telstra Phish 2020-01-06
(current_events.rules)
  2840274 - ETPRO TROJAN BlackRouter/BlackRoot Ransomware Variant CnC
Checkin (trojan.rules)
  2840275 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
  2840276 - ETPRO TROJAN Observed Malicious SSL Cert (DonotGroup CnC)
(trojan.rules)
  2840298 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2020-01-07 (current_events.rules)
  2840299 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-07 (current_events.rules)
  2840300 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-07 (current_events.rules)
  2840301 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-07 (current_events.rules)
  2840302 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-07
(current_events.rules)
  2840303 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-07
(current_events.rules)
  2840304 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-07 (current_events.rules)
  2840305 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-07 (current_events.rules)
  2840306 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-07 (current_events.rules)
  2840307 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-01-07
(current_events.rules)
  2840319 - ETPRO CURRENT_EVENTS Successful My3 Phish 2020-01-08
(current_events.rules)
  2840320 - ETPRO CURRENT_EVENTS Successful AOL Phish 2020-01-08
(current_events.rules)
  2840321 - ETPRO CURRENT_EVENTS Successful Agibank Phish 2020-01-08
(current_events.rules)
  2840322 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2020-01-08
(current_events.rules)
  2840323 - ETPRO CURRENT_EVENTS Successful BNP Paribas Phish 2020-01-08
(current_events.rules)
  2840324 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-01-08
(current_events.rules)
  2840325 - ETPRO CURRENT_EVENTS Successful Verified by Visa Phish
2020-01-08 (current_events.rules)
  2840326 - ETPRO CURRENT_EVENTS Successful Apple Phish 2020-01-08
(current_events.rules)
  2840327 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-01-08 (current_events.rules)
  2840328 - ETPRO TROJAN Observed Malicious SSL Cert (Gozi CnC)
(trojan.rules)
  2840329 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2840336 - ETPRO CURRENT_EVENTS Successful Microsoft Shared Document Phish
2020-01-09 (current_events.rules)
  2840337 - ETPRO CURRENT_EVENTS Successful Microsoft Shared Document Phish
2020-01-09 (current_events.rules)
  2840338 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2020-01-09
(current_events.rules)
  2840339 - ETPRO CURRENT_EVENTS Successful Alibaba Phish 2020-01-09
(current_events.rules)
  2840340 - ETPRO CURRENT_EVENTS Successful Turkey Gov TR Phish 2020-01-09
(current_events.rules)
  2840342 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-01-09
(current_events.rules)
  2840343 - ETPRO CURRENT_EVENTS Successful RBFCU Phish 2020-01-09
(current_events.rules)
  2840344 - ETPRO CURRENT_EVENTS Successful Latam Airlines Phish 2020-01-09
(current_events.rules)
  2840345 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
2020-01-09 (current_events.rules)
  2840346 - ETPRO CURRENT_EVENTS Successful BCP Phish 2020-01-09
(current_events.rules)
  2840347 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-09
(current_events.rules)
  2840348 - ETPRO CURRENT_EVENTS Successful Discover Phish 2020-01-09
(current_events.rules)
  2840349 - ETPRO CURRENT_EVENTS Successful Discover Phish 2020-01-09
(current_events.rules)
  2840350 - ETPRO MALWARE W32/Kuping Installation (malware.rules)
  2840351 - ETPRO MALWARE W32/Kuping Commands (malware.rules)
  2840352 - ETPRO TROJAN Win32/Buptenda.A Variant CnC Checkin (trojan.rules)
  2840365 - ETPRO CURRENT_EVENTS Successful IRS Phish 2020-01-10
(current_events.rules)
  2840368 - ETPRO CURRENT_EVENTS Successful RBFCU Phish 2020-01-10
(current_events.rules)
  2840369 - ETPRO CURRENT_EVENTS Successful Western Union Phish 2020-01-10
(current_events.rules)
  2840370 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-10 (current_events.rules)
  2840372 - ETPRO CURRENT_EVENTS Successful Adobe PDF Online Phish
2020-01-10 (current_events.rules)
  2840373 - ETPRO CURRENT_EVENTS Successful Banco Estado Phish 2020-01-10
(current_events.rules)
  2840374 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-01-10
(current_events.rules)
  2840375 - ETPRO CURRENT_EVENTS Successful Netease 163 Phish 2020-01-10
(current_events.rules)
  2840376 - ETPRO CURRENT_EVENTS Successful Nedbank Phish 2020-01-10
(current_events.rules)
  2840378 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-10 (current_events.rules)
  2840379 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-10 (current_events.rules)
  2840380 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2840381 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2840382 - ETPRO TROJAN Win32/QQWare Variant Checkin (trojan.rules)
  2840383 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
(trojan.rules)
  2840384 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2840394 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-13
(current_events.rules)
  2840395 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2020-01-13
(current_events.rules)
  2840396 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2020-01-13
(current_events.rules)
  2840397 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2020-01-13
(current_events.rules)
  2840398 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-13 (current_events.rules)
  2840399 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-01-13
(current_events.rules)
  2840400 - ETPRO CURRENT_EVENTS Successful Generic Email Deactivation
Phish 2020-01-13 (current_events.rules)
  2840401 - ETPRO CURRENT_EVENTS Successful Maersk Shipping Documents Phish
2020-01-13 (current_events.rules)
  2840402 - ETPRO CURRENT_EVENTS Successful Scotiabank Phish 2020-01-13
(current_events.rules)
  2840403 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-13
(current_events.rules)
  2840407 - ETPRO TROJAN Observed Malicious SSL Cert (PredatorTheThief CnC)
(trojan.rules)
  2840408 - ETPRO POLICY Observed SSL Cert (Pastecode) (policy.rules)
  2840410 - ETPRO TROJAN Observed Malicious SSL Cert (CQueStealer CnC)
(trojan.rules)
  2840411 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC)
(trojan.rules)
  2840420 - ETPRO TROJAN Icefrog/Temp.Trident Domain Observed (trojan.rules)
  2840425 - ETPRO CURRENT_EVENTS Successful Cpanel Update Password Phish
2020-01-14 (current_events.rules)
  2840427 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-14 (current_events.rules)
  2840428 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-14 (current_events.rules)
  2840429 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-14 (current_events.rules)
  2840430 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-14 (current_events.rules)
  2840431 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-14 (current_events.rules)
  2840432 - ETPRO TROJAN Observed Malicious SSL Cert (Phishing)
(trojan.rules)
  2840439 - ETPRO TROJAN VBS/CageyChameleon CnC Beacon (trojan.rules)
  2840442 - ETPRO CURRENT_EVENTS Successful Raiffeisen Bank Phish
2020-01-15 (current_events.rules)
  2840443 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-15
(current_events.rules)
  2840444 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-15 (current_events.rules)
  2840445 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-15 (current_events.rules)
  2840446 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-15 (current_events.rules)
  2840447 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish 2020-01-15
(current_events.rules)
  2840448 - ETPRO CURRENT_EVENTS Successful Banco Bradesco Phish 2020-01-15
(current_events.rules)
  2840450 - ETPRO CURRENT_EVENTS Successful MKB Bank Phish 2020-01-15
(current_events.rules)
  2840451 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-01-15
(current_events.rules)
  2840452 - ETPRO CURRENT_EVENTS Successful Optimum Phish 2020-01-15
(current_events.rules)
  2840453 - ETPRO CURRENT_EVENTS Successful AT&T Phish 2020-01-15
(current_events.rules)
  2840454 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-15
(current_events.rules)
  2840456 - ETPRO TROJAN Observed Malicious SSL Cert (Malhost)
(trojan.rules)
  2840461 - ETPRO TROJAN Observed DNS Query to Malicious Unrecom CnC Domain
(trojan.rules)
  2840464 - ETPRO CURRENT_EVENTS Successful M&T Bank Phish 2020-01-16
(current_events.rules)
  2840465 - ETPRO CURRENT_EVENTS Successful SunTrust Bank Phish 2020-01-16
(current_events.rules)
  2840466 - ETPRO CURRENT_EVENTS Successful Excel Online Phish 2020-01-16
(current_events.rules)
  2840467 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2840468 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2840469 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish 2020-01-16
(current_events.rules)
  2840470 - ETPRO CURRENT_EVENTS Successful La Banque Postale Phish
2020-01-16 (current_events.rules)
  2840471 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-16 (current_events.rules)
  2840473 - ETPRO CURRENT_EVENTS Successful Xfinity/Comcast Phish
2020-01-16 (current_events.rules)
  2840474 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-16 (current_events.rules)
  2840475 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2840476 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2840489 - ETPRO TROJAN CageyChameleon ZIP Download Request M1
(trojan.rules)
  2840490 - ETPRO TROJAN CageyChameleon ZIP Download Request M2
(trojan.rules)
  2840493 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-17
(current_events.rules)
  2840494 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-17
(current_events.rules)
  2840495 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-17
(current_events.rules)
  2840496 - ETPRO CURRENT_EVENTS Successful Credit Mutuel FR Phish
2020-01-17 (current_events.rules)
  2840497 - ETPRO CURRENT_EVENTS Successful WhatsApp Phish 2020-01-17
(current_events.rules)
  2840498 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-17
(current_events.rules)
  2840499 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-17
(current_events.rules)
  2840500 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-17 (current_events.rules)
  2840501 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-01-17 (current_events.rules)
  2840509 - ETPRO POLICY Possible Canary Token Service Domain Observed in
DNS Query (policy.rules)
  2840511 - ETPRO TROJAN Observed Malicious SSL Cert (Unk CnC)
(trojan.rules)
  2840512 - ETPRO TROJAN Observed Malicious SSL Cert (Unk/Xenon CnC)
(trojan.rules)
  2840513 - ETPRO POLICY Observed Suspicious SSL Cert (NordVPN Domain
Fronting) (policy.rules)
  2840521 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-01-21
(current_events.rules)
  2840522 - ETPRO CURRENT_EVENTS Successful Vodafone Phish 2020-01-21
(current_events.rules)
  2840523 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21
(current_events.rules)
  2840524 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21
(current_events.rules)
  2840525 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21
(current_events.rules)
  2840526 - ETPRO CURRENT_EVENTS Successful CIBC Phish 2020-01-21
(current_events.rules)
  2840527 - ETPRO CURRENT_EVENTS Successful OurTime Phish 2020-01-21
(current_events.rules)
  2840528 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-21
(current_events.rules)
  2840529 - ETPRO CURRENT_EVENTS Successful American Express Phish
2020-01-21 (current_events.rules)
  2840530 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2020-01-21
(current_events.rules)
  2840531 - ETPRO CURRENT_EVENTS Successful Banco Original Phish 2020-01-21
(current_events.rules)
  2840532 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-21
(current_events.rules)
  2840533 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-21
(current_events.rules)
  2840534 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2020-01-21 (current_events.rules)
  2840535 - ETPRO CURRENT_EVENTS Successful Generic Form Phish 2020-01-21
(current_events.rules)
  2840536 - ETPRO CURRENT_EVENTS Successful Generic Shared Document Phish
2020-01-21 (current_events.rules)
  2840537 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-21
(current_events.rules)
  2840538 - ETPRO CURRENT_EVENTS Successful Microsoft Update Your Account
Phish 2020-01-21 (current_events.rules)
  2840539 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-01-21
(current_events.rules)
  2840540 - ETPRO TROJAN Win32/Agent.AAPH Variant CnC (trojan.rules)
  2840541 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2020-01-21 (current_events.rules)
  2840542 - ETPRO TROJAN Observed Malicious SSL Cert (BoA Phish)
(trojan.rules)
  2840556 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2840557 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2840558 - ETPRO CURRENT_EVENTS Successful Facebook Phish 2020-01-22
(current_events.rules)
  2840560 - ETPRO CURRENT_EVENTS Successful VK Phish 2020-01-22
(current_events.rules)
  2840561 - ETPRO CURRENT_EVENTS Successful Sando Bank Phish 2020-01-22
(current_events.rules)
  2840562 - ETPRO CURRENT_EVENTS Successful Spectrum Webmail Phish
2020-01-22 (current_events.rules)
  2840563 - ETPRO TROJAN Muddywater Payload CnC Checkin (trojan.rules)
  2840564 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-22
(current_events.rules)
  2840565 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-22
(current_events.rules)
  2840566 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-22
(current_events.rules)
  2840567 - ETPRO CURRENT_EVENTS Successful Sprint Phish 2020-01-22
(current_events.rules)
  2840568 - ETPRO CURRENT_EVENTS Successful Rackspace Phish 2020-01-22
(current_events.rules)
  2840569 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-22
(current_events.rules)
  2840570 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-22 (current_events.rules)
  2840571 - ETPRO CURRENT_EVENTS Successful Tesco Phish 2020-01-22
(current_events.rules)
  2840572 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2020-01-22
(current_events.rules)
  2840573 - ETPRO CURRENT_EVENTS Successful ADCB Phish 2020-01-22
(current_events.rules)
  2840574 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-22
(current_events.rules)
  2840575 - ETPRO CURRENT_EVENTS Successful Sharepoint Phish 2020-01-22
(current_events.rules)
  2840576 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2020-01-22
(current_events.rules)
  2840577 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-22
(current_events.rules)
  2840578 - ETPRO CURRENT_EVENTS Successful Mobile DE Phish 2020-01-22
(current_events.rules)
  2840579 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-01-22
(current_events.rules)
  2840584 - ETPRO TROJAN Observed Malicious SSL Cert (APT32/OceanLotus CnC)
(trojan.rules)
  2840585 - ETPRO TROJAN DiamondFox CnC Checkin Variant (trojan.rules)
  2840595 - ETPRO TROJAN Win32/Inject.NJJ Variant Host Checkin
(trojan.rules)
  2840596 - ETPRO CURRENT_EVENTS Successful Unicredit Phish 2020-01-23
(current_events.rules)
  2840597 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-23 (current_events.rules)
  2840598 - ETPRO CURRENT_EVENTS Successful Fifth Third Bank Phish
2020-01-23 (current_events.rules)
  2840599 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2020-01-23 (current_events.rules)
  2840600 - ETPRO CURRENT_EVENTS Successful Wells Fargo Phish 2020-01-23
(current_events.rules)
  2840601 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-23
(current_events.rules)
  2840602 - ETPRO TROJAN Win32/F1L3F0lD Variant Host Checkin (trojan.rules)
  2840603 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-23 (current_events.rules)
  2840604 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-23 (current_events.rules)
  2840605 - ETPRO CURRENT_EVENTS Successful Halifax Phish 2020-01-23
(current_events.rules)
  2840606 - ETPRO CURRENT_EVENTS Successful Outlook Web App Phish
2020-01-23 (current_events.rules)
  2840607 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-01-23 (current_events.rules)
  2840609 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-23 (current_events.rules)
  2840627 - ETPRO TROJAN Possible TA402 DNS Lookup (Payload Staging)
(trojan.rules)
  2840630 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2020-01-24
(current_events.rules)
  2840631 - ETPRO CURRENT_EVENTS Successful Nubank Phish 2020-01-24
(current_events.rules)
  2840632 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-24
(current_events.rules)
  2840633 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-24
(current_events.rules)
  2840634 - ETPRO CURRENT_EVENTS Successful Chase Phish 2020-01-24
(current_events.rules)
  2840635 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish
2020-01-24 (current_events.rules)
  2840636 - ETPRO CURRENT_EVENTS Successful Comcast/Xfinity Phish
2020-01-24 (current_events.rules)
  2840637 - ETPRO CURRENT_EVENTS Successful Spark NZ Phish 2020-01-24
(current_events.rules)
  2840638 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-24
(current_events.rules)
  2840639 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-24
(current_events.rules)
  2840640 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish 2020-01-24
(current_events.rules)
  2840641 - ETPRO CURRENT_EVENTS Successful Santander Phish 2020-01-24
(current_events.rules)
  2840642 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-24
(current_events.rules)
  2840643 - ETPRO CURRENT_EVENTS Successful Verizon Phish 2020-01-24
(current_events.rules)
  2840644 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information
Phish 2020-01-24 (current_events.rules)
  2840645 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-24 (current_events.rules)
  2840646 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-24 (current_events.rules)
  2840648 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-24 (current_events.rules)
  2840649 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-24 (current_events.rules)
  2840650 - ETPRO CURRENT_EVENTS Successful Bank of America Phish
2020-01-24 (current_events.rules)
  2840651 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2840652 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2840668 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2840669 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2840670 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound)
(trojan.rules)
  2840671 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
  2840673 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2020-01-27
(current_events.rules)
  2840674 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2020-01-27 (current_events.rules)
  2840675 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish
2020-01-27 (current_events.rules)
  2840676 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2020-01-27
(current_events.rules)
  2840677 - ETPRO CURRENT_EVENTS Successful Maersk Phish 2020-01-27
(current_events.rules)
  2840678 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish
2020-01-27 (current_events.rules)
  2840680 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish
2020-01-27 (current_events.rules)
  2840681 - ETPRO CURRENT_EVENTS Successful Unicredit Phish 2020-01-27
(current_events.rules)
  2840682 - ETPRO CURRENT_EVENTS Successful Gov UK Identity Verification
Phish 2020-01-27 (current_events.rules)
  2840683 - ETPRO CURRENT_EVENTS Successful Casas Bahia Phish 2020-01-27
(current_events.rules)
  2840684 - ETPRO TROJAN HttpRat Host Checkin (trojan.rules)
  2840685 - ETPRO POLICY Observed SSL Cert (ipecho IP Check) (policy.rules)
  2840686 - ETPRO MALWARE Observed Malicious SSL Cert (Bspro Ads)
(malware.rules)
  2840687 - ETPRO TROJAN Observed Malicious SSL Cert (Wizzcaster)
(trojan.rules)
  2840718 - ETPRO TROJAN Win32/Spatet.I Host Checkin (trojan.rules)
  2840719 - ETPRO TROJAN Slimrat CnC Activity (trojan.rules)
  2840741 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (0df9c)
(web_client.rules)
  2840747 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (7d75f)
(web_client.rules)
  2840749 - ETPRO POLICY SSL/TLS Certificate Observed for Paste Site
(Rentry.co) (policy.rules)
  2840754 - ETPRO CURRENT_EVENTS Terse POST to Wordpress Folder - Probable
Successful Phishing M7 (current_events.rules)
  2840782 - ETPRO TROJAN Observed Malicious SSL Cert (More_eggs CnC)
(trojan.rules)
  2840808 - ETPRO TROJAN SoranoBot/F-AV CnC Host Checkin (trojan.rules)
  2844025 - ETPRO WEB_CLIENT Evil Keitaro Set-Cookie Inbound (8d7a4)
(web_client.rules)

[---]  Disabled and modified rules:  [---]

  2845069 - ETPRO CURRENT_EVENTS Successful Halifax Phish 2020-10-21
(current_events.rules)

[---]         Disabled rules:        [---]

  2030614 - ET TROJAN Observed Malicious SSL Cert (Lazarus APT MalDoc DL
2020-07-30) (trojan.rules)
  2030615 - ET TROJAN Observed Lazarus APT MalDoc DL Domain in TLS SNI
(trojan.rules)

[---]         Removed rules:         [---]

  2844060 - ETPRO ACTIVEX Suspicious Zipped Filename in Outbound POST
Request (Recursive_Wallets/) M2 (activex.rules)
